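Where should I test authorization with RSpec?
When you create a Rails application with RSpec, three folders seem to be sufficient:
- spec/routing
- spec/requests
- spec/controllers
In which one should I test whether a user is logged in? Should I test in more than one spec type?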
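There is a subtle distinction in your question. Authorization usually refers to the permissions a user has within the application. Authentication refers to signing up and logging in users.
As far as Authentication goes, I typically prefer to use integration/requests specs or acceptance/feature specs. Feature specs are preferred lately, since the Capybara DSL (page and visit) is only available in feature specs. They used to be allowed in request specs until the 2.x upgrade.
I would test things like signing up, signing in, and signing out. For example,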

    # signing_up_spec.rb
    feature 'Signing up' do
      scenario 'Successful sign up' do
        visit '/'
        within 'nav' do
          click_link 'Sign up'
        end
        fill_in "Email", :with => "user@ticketee.com"
        fill_in "Password", :with => "password"
        fill_in "Password confirmation", :with => "password"
        click_button "Sign up"
        page.should have_content("Please open the link to activate your account.")
      end
    end

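This allows you to test the higher-level aspects and lets you see the different components of your application (controllers, views, etc.) working together. By definition, this is an integration/acceptance test. I would do the same for signing_in_spec.rb and signing_out_spec.rb.
Now for Authorization, I would choose to use controller specs. This allows you to test the individual actions a user has permission to access. These controller specs are more granular in nature and are, by definition, unit/functional tests. For example, say you have a ticket resource and you want to test that only certain users can access some specific functionality: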

    # tickets_controller_spec.rb
    describe TicketsController do
      let(:user) { FactoryGirl.create(:confirmed_user) }
      let(:project) { FactoryGirl.create(:project) }
      let(:ticket) { FactoryGirl.create(:ticket, :project => project,
                                                 :user => user) }

      context "standard users" do
        it "cannot access a ticket for a project" do
          sign_in(:user, user)
          get :show, :id => ticket.id, :project_id => project.id
          response.should redirect_to(root_path)
          flash[:alert].should eql("The project you were looking for could not be found.")
        end

        context "with permission to view the project" do
          before do
            sign_in(:user, user)
            define_permission!(user, "view", project)
          end

          def cannot_create_tickets!
            response.should redirect_to(project)
            flash[:alert].should eql("You cannot create tickets on this project.")
          end

          def cannot_update_tickets!
            response.should redirect_to(project)
            flash[:alert].should eql("You cannot edit tickets on this project.")
          end

          it "cannot begin to create a ticket" do
            get :new, :project_id => project.id
            cannot_create_tickets!
          end

          it "cannot create a ticket without permission" do
            post :create, :project_id => project.id
            cannot_create_tickets!
          end

          it "cannot edit a ticket without permission" do
            get :edit, { :project_id => project.id, :id => ticket.id }
            cannot_update_tickets!
          end

          it "cannot update a ticket without permission" do
            put :update, { :project_id => project.id,
                           :id => ticket.id,
                           :ticket => {}
                         }
            cannot_update_tickets!
          end

          it "cannot delete a ticket without permission" do
            delete :destroy, { :project_id => project.id, :id => ticket.id }
            response.should redirect_to(project)
            flash[:alert].should eql("You cannot delete tickets from this project.")
          end

          it "can create tickets, but not tag them" do
            Permission.create(:user => user, :thing => project, :action => "create tickets")
            post :create, :ticket => { :title => "New ticket!",
                                       :description => "Brand spankin' new",
                                       :tag_names => "these are tags"
                                     },
                          :project_id => project.id
            Ticket.last.tags.should be_empty
          end
        end
      end
    end

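I find that the combination of rspec-rails, capybara, and factory_girl_rails performs well in both types of tests in Rails applications.
The examples above were taken from the Rails3Book repository on GitHub. Check out the repo for more examples. It's a great way to see the possibilities when testing a Rails application.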
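
The controller spec in the answer checks each action by hand. As an added example (plain Ruby, not code from the answer or the Rails3Book repository), the same deny-by-default idea can be checked as a full matrix of every action against every combination of permissions, which catches a controller that guards the `new`/`edit` forms but not the `create`/`update` actions behind them. The policy table, the permission names "edit tickets" and "delete tickets", and all method names are assumptions made for illustration.

```ruby
require "set"

# Assumed policy table (hypothetical): action => permission it needs, named
# after the alerts in the spec above. "view" is assumed necessary for all.
POLICY = {
  show: "view",
  new: "create tickets", create: "create tickets",
  edit: "edit tickets",  update: "edit tickets",
  destroy: "delete tickets"
}.freeze
PERMISSIONS = POLICY.values.uniq.freeze

# Deny-by-default check: unknown actions and missing grants are refused.
def authorized?(grants, action)
  needed = POLICY[action]
  !needed.nil? && grants.include?("view") && grants.include?(needed)
end

# Deliberately flawed variant (constructed): guards the forms but forgets
# the state-changing create/update actions behind them.
def forms_only_authorized?(grants, action)
  return grants.include?("view") if %i[create update].include?(action)
  authorized?(grants, action)
end

# Every subset of PERMISSIONS, i.e. every combination a user could hold.
def grant_sets
  (0..PERMISSIONS.size).flat_map { |n| PERMISSIONS.combination(n).map(&:to_set) }
end

# Run a checker over every action x grant-set cell and return the cells
# where it allows a request the policy table says must be denied.
def over_permissive_cells(checker, actions = POLICY.keys)
  actions.product(grant_sets).select do |action, grants|
    expected = POLICY.key?(action) && Set["view", POLICY[action]].subset?(grants)
    checker.call(grants, action) && !expected
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "correct checker: #{over_permissive_cells(method(:authorized?)).size} bad cells"
  bad = over_permissive_cells(method(:forms_only_authorized?))
  puts "flawed checker allows: #{bad.map(&:first).uniq.inspect}"
end
```

In a real suite the same loop would drive the controller spec, generating one `it` per action and grant set instead of calling a plain method.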